> using a Yubico HSM for key storage, but providing middleware & admin controls
> a compelling value proposition
I completely agree; I'd originally drawn up a design for an offline root CA, then a box with a separate server for an intermediate CA with HSM for intermediate keys, a second, dedicated Secure NTP server (possibly hardware based) so that certificate expiration times could be kept short.
While all that is easy enough to prototype, the complexity of hardware distribution is better left to a later point in the roadmap.
I wouldn’t use the Yubico HSM, because I think it misses a feature that would IMO add considerable value: an enforced CT-style log. If I were paying for a corporate root of trust, I would want very strong auditability. Set it up so that the HSM does not release a signature until presented with an SCT. Make it impossible for buggy or compromised host software to create bad certificates without being detected.
A hardware HSM is not magic or even especially complex. Java cards can do it (slowly). Yubikeys can do it. Other vendors’ devices can do it. Lots of microcontrollers can do it as long as you don’t need resistance to complex physical attack. A startup in this space should seriously consider building its own.
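The "no SCT, no signature" policy described above, as an added toy model that is not code from the comment's author or from any vendor. The log and the HSM are plain Python objects, HMAC over shared secrets stands in for the ECDSA signatures a real CT log (RFC 6962) and a real HSM would use, the Merkle hashing is simplified rather than RFC 6962's, and every key, log id and certificate body is constructed for the example. The point it demonstrates is the ordering the comment asks for: the signing device verifies an SCT over the exact TBSCertificate before it will touch the CA key, so an unlogged certificate cannot be minted even by compromised host software.

```python
"""Toy model of an HSM that refuses to sign until shown an SCT from a trusted log.

Illustrative only: HMAC with shared secrets stands in for real signatures and
the 'HSM' is an ordinary Python object. All keys and identifiers are constructed.
"""
import hashlib
import hmac
import time
from typing import Dict, List, Optional, Tuple


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sct_message(log_id: str, timestamp: int, leaf_hash: bytes) -> bytes:
    """Bytes the log signs: binds log identity, time and the precert hash together."""
    return b"|".join([log_id.encode(), str(timestamp).encode(), leaf_hash])


class CTLog:
    """Append-only log that issues a signed certificate timestamp (SCT) per precert."""

    def __init__(self, log_id: str, log_key: bytes):
        self.log_id = log_id
        self._key = log_key                 # stand-in for the log's private key
        self.entries: List[bytes] = []      # leaf hashes; never removed or reordered

    def add_precert(self, tbs_certificate: bytes, timestamp: Optional[int] = None) -> dict:
        leaf_hash = sha256(tbs_certificate)
        timestamp = timestamp if timestamp is not None else time.time_ns()
        self.entries.append(leaf_hash)      # the entry exists before any SCT is returned
        sig = hmac.new(self._key, sct_message(self.log_id, timestamp, leaf_hash), hashlib.sha256).digest()
        return {"log_id": self.log_id, "timestamp": timestamp,
                "leaf_index": len(self.entries) - 1, "signature": sig.hex()}

    def root_hash(self) -> bytes:
        """Simplified Merkle root over the leaves (odd leaf duplicated; not RFC 6962's scheme).
        An auditor compares this against the log's published tree head."""
        level = list(self.entries)
        if not level:
            return sha256(b"")
        while len(level) > 1:
            if len(level) % 2:
                level.append(level[-1])
            level = [sha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        return level[0]


class PolicyViolation(Exception):
    """Raised by the HSM when the issuance policy is not satisfied; no key use happens."""


class LoggingHSM:
    """Signing device whose firmware policy is: no valid SCT from a trusted log, no signature."""

    def __init__(self, ca_key: bytes, trusted_logs: Dict[str, bytes], max_sct_age_ns: int):
        self._ca_key = ca_key                 # never leaves the device
        self._trusted_logs = trusted_logs     # log_id -> log verification key, provisioned at setup
        self._max_sct_age_ns = max_sct_age_ns
        self.audit_trail: List[dict] = []     # exportable record of every signature released

    def verify_sct(self, tbs_certificate: bytes, sct: dict, now_ns: int) -> None:
        log_key = self._trusted_logs.get(sct.get("log_id"))
        if log_key is None:
            raise PolicyViolation("SCT is not from a log this HSM trusts")
        age = now_ns - sct["timestamp"]
        if age < 0 or age > self._max_sct_age_ns:
            raise PolicyViolation("SCT timestamp outside the acceptance window")
        expected = hmac.new(log_key, sct_message(sct["log_id"], sct["timestamp"],
                                                 sha256(tbs_certificate)), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(sct["signature"])):
            raise PolicyViolation("SCT does not cover this exact TBSCertificate")

    def sign_certificate(self, tbs_certificate: bytes, sct: dict, now_ns: Optional[int] = None) -> bytes:
        now_ns = now_ns if now_ns is not None else time.time_ns()
        self.verify_sct(tbs_certificate, sct, now_ns)   # raises before the CA key is used
        self.audit_trail.append({"leaf_hash": sha256(tbs_certificate).hex(),
                                 "log_id": sct["log_id"], "leaf_index": sct["leaf_index"]})
        return hmac.new(self._ca_key, tbs_certificate, hashlib.sha256).digest()


# Constructed keys and identifiers for the example.
LOG_KEY = b"constructed-log-key"
CA_KEY = b"constructed-ca-key"
LOG = CTLog("example-log-1", LOG_KEY)
HSM = LoggingHSM(CA_KEY, {"example-log-1": LOG_KEY}, max_sct_age_ns=10 * 60 * 10**9)


def issue_certificate(tbs_certificate: bytes) -> Tuple[dict, bytes]:
    """Honest host-side flow: log the precert first, then ask the HSM to sign."""
    sct = LOG.add_precert(tbs_certificate)
    return sct, HSM.sign_certificate(tbs_certificate, sct)


def attempt_unlogged_issuance(tbs_certificate: bytes, presented_sct: dict) -> str:
    """What compromised host software gets when it tries to bypass the log."""
    try:
        HSM.sign_certificate(tbs_certificate, presented_sct)
        return "signed"
    except PolicyViolation as exc:
        return "refused: " + str(exc)


if __name__ == "__main__":
    sct, sig = issue_certificate(b"CN=good.example, serial=1")
    print("issued, audit trail:", HSM.audit_trail)
    print(attempt_unlogged_issuance(b"CN=evil.example, serial=2", sct))  # replayed SCT
    print("log root:", LOG.root_hash().hex())
```

Three bypasses are closed by the device rather than by the host: replaying an SCT issued for a different certificate body, presenting an SCT from a log the device was not provisioned to trust, and presenting a stale SCT. The audit trail plus the log's tree head is what gives an auditor the "very strong auditability" the comment asks for; in a real device the trusted log keys and the acceptance window would be part of the firmware policy rather than constructor arguments.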